AnsweredAssumed Answered

Is this a common/proven VPN Routing setup using vpn_route.conf?

Question asked by 1f714bd7-a286-4405-861b-d2d02a39d2b7 on Oct 29, 2018

Hi all,

I searched for the right place asking this, nothing was 100% suitable, hope this place is not too wrong.


My question is basically about vpn routing. I uploaded a topology picture of the current setup and the target setup.
I think I put all the necessary information inside, nonetheless, below few words about it :-)

 

 

The final target is like:

  • Communication between Site-Z and Site-D, E & F should be unencrypted but still inspected by the firewalls using dedicated private line
  • Site-D is acting as hub for Site-E & F to reach Site-Z
  • Site-D itself is communicating as well to Size-Z using the private line
  • Private line is transparent to the SGWs. They just need to sent the traffic to the corresponding site RTR.

 

Current plannning:

  • Remove Site-D, E & F from Star VPN Community
  • Using vpn_route.conf to promote FW_SiteD as Hub GW for Site-E & F
  • Set some static routes on FW_SiteD to route traffic from Site-D, E & F through private line to Site-Z
  • Set some static routes on FW_SiteZ to route traffic from Site-Z through private line to Site-D, E & F


I tested this already in a lab and it´s working fine so far.
My question to you, is this a common / proven way to achieve the target scenario? Or did i missed something / are there better ways to do?
I´m wondering if there is another way which is more, let´s say, "visible"?

I appreciate any kind of feedback, especially on any real world experience on this kind of setup.

 

Regards

Rick

Attachments

Outcomes